2025-11-10 14:32:24 +00:00

🌐 Client-Server

HTTP Cycle

  1. Request: Browser → server (GET, POST, PUT, DELETE, PATCH; headers; body)
  2. Processing: Routing, logic, DB operations
  3. Response: Status codes (2xx, 4xx, 5xx), headers, body (HTML/JSON/assets)

Network Layers

App: HTTP/HTTPS, REST, GraphQL
Transport: TCP/UDP, WebSockets
Internet: IP routing, DNS
Link: Ethernet, WiFi, 5G

Web Servers

  • Nginx: high performance, reverse proxy, load balancing
  • Apache: flexible, mature
  • Caddy: auto HTTPS
  • Cloudflare Workers: edge/serverless

🛠️ Dev Environment

Stack

  • Runtime: Node.js 18+, PHP 8.1+, Python 3.11+, Docker/Podman
  • Web Server: Nginx, Apache, Caddy
  • DB: PostgreSQL 15+, MySQL 8+/MariaDB 10.8+, Redis, MongoDB
  • Tools: IDEs (VS Code, Zed), extensions (languages, Docker, Git, DB)

Setup

Docker:

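version: '3.8'
services:
  app: { build: ., ports: ['8080:80'] }
  # The official postgres image refuses to start without POSTGRES_PASSWORD; pass it in from the environment.
  db: { image: postgres:15, environment: { POSTGRES_DB: myapp, POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}" } }
  redis: { image: redis:7-alpine }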

Managed Services: Vercel, Netlify, Heroku, Render, AWS, Azure, GCP

Local: brew/apt install nginx postgresql redis


⚠️ Security Risks

  1. Phishing: fake sites; prevent with HTTPS & verification
  2. Data Theft: unauthorized access; prevent with encryption & access control
  3. SQL Injection: malicious input; prevent with prepared statements
  4. XSS: script injection; prevent with output encoding
  5. Session Hijacking: stolen sessions; prevent with secure cookies & HTTPS
  6. DoS/DDoS: overload server
  7. CSRF: trick users; prevent with CSRF tokens
  8. File Inclusion: LFI/RFI attacks

🛡️ Protection

Encryption: HTTPS/TLS, data-at-rest encryption
Auth: MFA, strong passwords, RBAC
Validation: Input validation, prepared statements, output encoding
Sessions: HTTP-only, Secure cookies, session regeneration
Headers: CSP, X-Frame-Options, X-XSS-Protection, HSTS
Monitoring: Logging, audits, intrusion detection
Updates: Software patching, dependency management

Prepared Statement Example:

$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
$stmt->execute([$email]);
$user = $stmt->fetch();

Best Practices

  • Validate & sanitize input
  • Use prepared statements
  • Enforce HTTPS
  • Strong auth (MFA, secure passwords)
  • Security headers
  • Keep software updated
  • Monitor & log activity
  • Least privilege
  • Regular audits & pentests
  • Backup & recovery
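
Added example (not part of the original cheat sheet): a Python check that audits a response's headers for the Sessions and Headers protections listed above, covering HSTS, CSP, X-Frame-Options and the Secure/HttpOnly cookie flags. The function names, finding strings and both sample responses are constructed for illustration.

```python
# Added example: audits response headers for the Headers and Sessions items
# in this cheat sheet. Function names and sample responses are constructed.
def _directives(value):
    """Split 'a=1; b; c=2' into {'a': '1', 'b': '', 'c': '2'} (lowercase keys)."""
    out = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.strip().lower()] = val.strip()
    return out

def audit_headers(headers):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    findings = []
    single = {n.lower(): v for n, v in headers if n.lower() != "set-cookie"}
    cookies = [v for n, v in headers if n.lower() == "set-cookie"]

    # HSTS only protects when max-age is a positive number; max-age=0 turns it off.
    max_age = _directives(single.get("strict-transport-security", "")).get("max-age", "")
    if not max_age.isdecimal() or int(max_age) == 0:
        findings.append("HSTS missing or disabled")

    # CSP directives are ';'-separated, each starting with its name.
    csp = single.get("content-security-policy", "")
    csp_names = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
    if not csp_names:
        findings.append("no Content-Security-Policy")

    # Framing is blocked by X-Frame-Options or by CSP frame-ancestors.
    xfo = single.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp_names:
        findings.append("no framing protection")

    # Every cookie is checked; Set-Cookie may appear several times.
    for cookie in cookies:
        name = cookie.split("=", 1)[0].strip()
        attrs = _directives(cookie.partition(";")[2])
        findings += [f"cookie {name}: missing {flag}"
                     for flag in ("secure", "httponly") if flag not in attrs]
    return findings

# Constructed sample responses: one weak, one hardened.
WEAK = [("Strict-Transport-Security", "max-age=0"),
        ("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
            ("X-Frame-Options", "DENY"),
            ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]
```

Calling `audit_headers(WEAK)` reports four findings, while `audit_headers(HARDENED)` returns an empty list.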

📚 Resources
